Re: SBS 2008 Public website on port 80 blocked

Tech-Archive recommends: Fix windows errors by optimizing your registry

"Joe" wrote:

Flo Wirehead wrote:

"Susan Bradley" wrote:

Flo Wirehead wrote:
I have installed SBS 2008 with port 80 open on my router and a FQDN set up
with my DNS host. I have put some HTML and PHP content in my wwwroot folder,
and it is accessible internally from the LAN. It is also accessible by its
FQDN from the internal network. It is NOT accessible externally by its FQDN
from the internet.

It doesn't return any kind of error message other than a timeout.

In the Windows Firewall setting, it says that it is predefined, and I cannot
change anything. Or can I?

I have also tried disabling the Windows Firewall for the public part, but
there is no effect.

Please help.
Sounds more like a firewall publishing issue? What external firewall do
you have?

There is no other firewall -- only the Windows Firewall and the Linksys
router. No DMZ enabled on the router either.

Thank God for that, at least. Then you need to configure the router to
forward port 80 to the SBS IP address.

I have port 80 & 81 traffic forwarded to the SBS. It works when I add a
binding for the default web site to port 81, but not to port 80.

You also need to consider the server and all PCs not isolated from it by
a good firewall to be expendable. Instruct all users that no valuable or
confidential data is ever to be stored on these machines. Set up a
schedule for very frequent backups, monitor the router continuously for
unexpected outgoing traffic, and budget for downtime to reformat and
reinstall the server from time to time.

There will only be public documents on the public web server which will be
located in a separate building on a separate network from the office server.

I would trust that all active web content has been written by a
professional web designer with plenty of experience of web security with
PHP and any other active protocols you are using. You might just get
away with static pages, but active content makes a public web server
very vulnerable to compromise, though there's no way of guessing how often.

If you are not familiar with the term 'cross-site scripting', here is a
basic introduction: http://en.wikipedia.org/wiki/Cross-site_scripting

.

Relevant Pages

  • Re: 3 LAN, 2 WAN - 2 LAN use 1 WAN, last LAN uses other WAN
    ... Internet over different paths after that. ... With a single LAN Router for all the segments, ... Then each "business" uses the Firewall they are supposed to use for the ...
    (microsoft.public.windows.server.networking)
  • Re: AdAware, SpyBot S &D, etc. + leave PC connected to Internet
    ... >It will be a while I get the router and do that. ... >> labelling on the box to be sure it has firewall features. ... name, like Disconnect from Internet, and click Finish. ... generally talking only about "critical patches" that affect security. ...
    (comp.security.firewalls)
  • Re: Networking problems with router between 2 p.c.s
    ... >> router for internet access. ... >> disable the internet connection firewall in the LAN ... isn't suitable for use on a local area network. ...
    (microsoft.public.windowsxp.network_web)
  • RE: Personal Firewalls
    ... // love suggestions for a PC level firewall that would protect ... about the uploading/downloading from a public web server to a home system. ... The first is a router to router VPN connection. ... Tiny Personal Firewall - can be very confusing and mistake prone if not ...
    (Security-Basics)
  • Re: Is this a wise configuration?
    ... A have a single DSL connection to the internet at my house. ... connection goes through a router, ... With this many "test" servers running, however, there are many ... Generally referred to as "DMZ" when you search for firewall info ...
    (comp.os.linux.networking)